Computer Security: protect your click

Today, “links” are the main threat to your operating system and, consequently, to your professional and private data. With one single “click”, an attacker can compromise your device and start snooping on your life. While we still rely on you to click with care (remember – “Stop – Think –Don’t click”), the CERN IT department is preparing additional measures for your protection.

Indeed, malicious links or URLs embedded in websites or e-mails, as well as malicious PDFs (attachments or downloads) can take advantage of the inherent vulnerabilities in your operating system – most likely if you are running a Microsoft Windows operating system or have an Android Smartphone, but still possible if you run MacOS, and not fully impossible with Linux or Apple iOS. Following your innocent click on a malicious link, URL or PDF, a well-crafted piece of software is executed that anchors itself in your operating system and clandestinely takes control.

With this unfortunate click, the adversary now has access to all your locally stored data. Software. Documents. Photos. Videos. Reading your e-mails. Snapshotting your activities. With your unfortunate click, the adversary might enable your webcam and your microphone. Watching and listening to you. With this momentous click, you are naked. Your life is exposed. And the chances are low that you will even detect it…

Last year, a dedicated clicking campaign using untargeted and irrelevant e-mails to all CERN people resulted in a 20% click-rate. 20%! This means that an attacker would now own up to 20% of CERN PCs… Fortunately, this was part of a campaign we ran to help you understand the risks of clicking (One click and BOOM…). In summer 2015, we weren’t that lucky. A targeted attack, starting with two malicious e-mails, kept the Computer Security Team busy for two months and caused some non-negligible costs for the Organization. Fortunately, given the potential risk, damage was very limited.

In either case, “Stop – Think – Don’t click” is your – and CERN’s! – first line of defence. If you receive e-mails that are not addressed to you, not in a language you usually use, with weird or unrelated content, full of typos, with a sender whose e-mail address looks completely different, take care! This might be such a malicious e-mail (for more details on how to identify malicious emails, click here). But you are not alone. The IT department has recently deployed a dedicated device automatically analysing all our e-mails for such malicious content. The “Fireeye EX” device even simulates user activity trying to trigger any malicious activity in the e-mails sent to us. And since malicious PDFs are one of the main attack routes, plans are currently being made to replace our current solution with a suitable and safe alternative. This would replace a notoriously vulnerable software package with something much less likely to be targeted. Finally, the IT department is currently working on better reinforcing Windows PCs so that they are less susceptible to unfortunate clicks, while making this completely transparent for you. A draft of such guidelines can be found here. But beware, for the moment this is for the experts and for very specific use cases only!